INFA 630 New Reputation Pre-processor In Snort Essay Papers.
INFA 630 New Reputation Pre-processor In Snort Essay Papers.
Lab Assignment #3
Our third and final lab assignment builds on the “unacceptable site” detection we worked on in
assignment #2. In this lab we will attempt to accomplish the same goal using the new reputation
preprocessor in Snort. The documentation on the reputation preprocessor and the available
configuration options are in section 2.2.19 (starting on p. 119) of the Snort Manual, which is
posted under General Information under Course Content for your reference. INFA 630 New Reputation Pre-processor In Snort Essay Papers.
ORDER A PLAGIARISM-FREE PAPER HERE
The basic function of the reputation preprocessor is similar in many ways to basic firewall operation: the
preprocessor evaluates source and destination IP addresses in network packets to see if they
appear on either a “whitelist” of approved/acceptable addresses or a “blacklist” of prohibited
addresses.INFA 630 New Reputation Pre-processor In Snort Essay Papers.
Packets containing IP addresses on the blacklist are dropped. The overall intent for
this assignment is to block access to the “bad” site you selected for Lab #2 by adding the site to a
blacklist and enabling the reputation preprocessor in snort.conf.
To complete this assignment successfully, you will need to first edit the snort.conf file as
follows:
At the end of Step #1, either set the path to the reputation preprocessor file location or
comment out these two lines (you can declare the blacklist file directly in the
preprocessor configuration settings if you don’t want to use a variable reference).
At the end of Step #5, configure the reputation preprocessor. Look at the first
configuration example on page 119 of the Snort Manual as a guide, which simply
includes the preprocessor declaration and the specification of the blacklist and whitelist
files. You can run the preprocessor with either or both of these files, so for our purposes
you might just specify a blacklist file. The configuration could be as simple as:
“preprocessor reputation: blacklist /etc/snort/black.list”
Save the snort.conf file.
Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or
C:\Snort\etc\rules on Windows). A blacklist file is just a plain text file with one IP address (or
address range, using CIDR notation) per line. The blacklist file name and file location should of
course match what you specified in the preprocessor configuration in snort.conf. Then startup
Snort as you would normally, open a browser, and visit the site corresponding to the IP
address(es) in the blacklist file.INFA 630 New Reputation Pre-processor In Snort Essay Papers.
For this assignment, compose a short writeup for submission to your Assignments folder that
includes the following:
1. The “unacceptable” site you selected in Lab #2 (you can pick a new one for this
assignment if you prefer).
2. The IP address (individual, multiple, or a range) associated with that site. If you don’t
know the IP address, you can either open a command shell and ping the site (e.g. “ping
www.facebook.com”), which will return the primary IP address on screen, or you can
look up the site on Netcraft.com to find one or more IP addresses used by the site.
3. The contents of the blacklist file the reputation preprocessor references.
4. A brief summary comparing the rule-based and preprocessor-based approaches used in
Lab #2 and #3, with an emphasis on identifying any strengths or weaknesses associated
with each approach.
5. If you are able to get Snort to run successfully with the reputation preprocessor active,
include the output produced (a copy of the ASCII log file is sufficient).
As in Lab Assignment #2, the successful completion of this exercise does not require you to use
an actual inappropriate site. The primary purpose of this exercise is not to make you an expert in
the reputation preprocessor, but to illustrate the point that there are often multiple viable
approaches to accomplishing the same intrusion detection objectives
i need this done in 6 hours maximum. kindly bid after reading the details careful
INF630_Lab3-12
Calculate the price of your order
The price of a paper depends on the number of pages, academic level and the urgency. Our prices are discounted and start from as low as $10 per page. To know how much you would pay for an order, fill in the basic paper details.
Confidentiality and Security
We take confidentially of our customers seriously. This is the reason we use only PayPal to make payments that require only an email. This means you can order and pay for your order without disclosing your full identity and with no trace to you or your credit/debit card details as this information is only shared with PayPal, a trusted international payment system. Our website is also encrypted to ensure additional security. In addition, we never sell your paper nor divulge the paper or client details to anyone.
Authenticity
We write all our papers from scratch and never plagiarize at all. Our papers are 100% original with no plagiarism element even when many students place a similar order with us. You are guaranteed of a custom-made non-plagiarized paper that you cannot find anywhere else even in part whenever you order from us.
Professionalism
Professional writers in the various fields who have a wealth of experience in academia write all your papers. You are, therefore, guaranteed of a well-researched paper with the right content and in the correct structure. All our papers are properly referenced and any sources used are correctly cited using your preferred referencing styles such as APA, MLA, OSCOLA, Harvard, Chicago/Turabian, Vancouver, or any other referencing style you prefer.
Our services are legal and acceptable
Do you know that it is legal to seek our academic writing services and is not against the policies of your university, college or any other learning institution?
You are not prohibited from getting our custom-made papers if you use them in any of the following ways;
- As a source for additional understanding of the subject
- As a source of ideas for your research, in this case, it should be properly referenced
- For proper paraphrasing as per your schools plagiarism definition and acceptable paraphrase
- Direct citing in your work, when properly referenced.
